Context Navigation

source: extensions/GuestBook/include/guestbook.inc.php @ 28630

Last change on this file since 28630 was 28630, checked in by mistic100, 10 years ago
use trigger_change
File size: 9.2 KB

Line
1	<?php
2	if (!defined('GUESTBOOK_PATH')) die('Hacking attempt!');
3
4	global $user;
5
6	include(GUESTBOOK_PATH . 'include/functions.inc.php');
7
8	$url_self = empty($page['start']) ? GUESTBOOK_URL : add_url_params(GUESTBOOK_URL, array('start' => $page['start']));
9
10	// +-----------------------------------------------------------------------+
11	// \| actions \|
12	// +-----------------------------------------------------------------------+
13	if (isset($_GET['action']))
14	{
15	switch ($_GET['action'])
16	{
17	case 'edit_comment':
18	{
19	include_once(GUESTBOOK_PATH.'include/functions_comment.inc.php');
20
21	check_input_parameter('comment_to_edit', $_GET, false, PATTERN_ID);
22	$author_id = get_comment_author_id_guestbook($_GET['comment_to_edit']);
23
24	if (can_manage_comment('edit', $author_id))
25	{
26	if (!empty($_POST['content']))
27	{
28	check_pwg_token();
29	$comment_action = update_user_comment_guestbook(
30	array(
31	'comment_id' => $_GET['comment_to_edit'],
32	'content' => $_POST['content']
33	),
34	$_POST['key']
35	);
36
37	$perform_redirect = false;
38	switch ($comment_action)
39	{
40	case 'moderate':
41	$_SESSION['page_infos'][] = l10n('An administrator must authorize your comment before it is visible.');
42	case 'validate':
43	$_SESSION['page_infos'][] = l10n('Your comment has been registered');
44	$perform_redirect = true;
45	break;
46	case 'reject':
47	$_SESSION['page_errors'][] = l10n('Your comment has NOT been registered because it did not pass the validation rules');
48	$perform_redirect = true;
49	break;
50	default:
51	trigger_error('Invalid comment action '.$comment_action, E_USER_WARNING);
52	}
53
54	if ($perform_redirect)
55	{
56	redirect($url_self);
57	}
58	unset($_POST['content']);
59	}
60	else
61	{
62	$edit_comment = $_GET['comment_to_edit'];
63	}
64	}
65	break;
66	}
67	case 'delete_comment' :
68	{
69	check_pwg_token();
70
71	include_once(GUESTBOOK_PATH.'include/functions_comment.inc.php');
72
73	check_input_parameter('comment_to_delete', $_GET, false, PATTERN_ID);
74
75	$author_id = get_comment_author_id_guestbook($_GET['comment_to_delete']);
76
77	if (can_manage_comment('delete', $author_id))
78	{
79	delete_user_comment_guestbook($_GET['comment_to_delete']);
80	}
81
82	redirect($url_self);
83	}
84	case 'validate_comment' :
85	{
86	check_pwg_token();
87
88	include_once(GUESTBOOK_PATH.'include/functions_comment.inc.php');
89
90	check_input_parameter('comment_to_validate', $_GET, false, PATTERN_ID);
91
92	$author_id = get_comment_author_id_guestbook($_GET['comment_to_validate']);
93
94	if (can_manage_comment('validate', $author_id))
95	{
96	validate_user_comment_guestbook($_GET['comment_to_validate']);
97	}
98
99	redirect($url_self);
100	}
101
102	}
103	}
104
105	// +-----------------------------------------------------------------------+
106	// \| add comment \|
107	// +-----------------------------------------------------------------------+
108	if (isset($_POST['content']) && (!is_a_guest() \|\| $conf['guestbook']['guest_can_add']))
109	{
110	$comm = array(
111	'author' => trim(@$_POST['author']),
112	'email' => trim(@$_POST['email']),
113	'content' => trim($_POST['content']),
114	'website' => trim($_POST['website']),
115	'rate' => @$_POST['score'],
116	);
117
118	include_once(GUESTBOOK_PATH.'include/functions_comment.inc.php');
119
120	$comment_action = insert_user_comment_guestbook($comm, @$_POST['key']);
121
122	switch ($comment_action)
123	{
124	case 'moderate':
125	$page['infos'][] = l10n('An administrator must authorize your comment before it is visible.');
126	case 'validate':
127	$page['infos'][] = l10n('Your comment has been registered');
128	break;
129	case 'reject':
130	set_status_header(403);
131	$template->assign('GB_OPEN', true);
132	$page['errors'][] = l10n('Your comment has NOT been registered because it did not pass the validation rules');
133	break;
134	default:
135	trigger_error('Invalid comment action '.$comment_action, E_USER_WARNING);
136	}
137	}
138
139	// +-----------------------------------------------------------------------+
140	// \| display comments \|
141	// +-----------------------------------------------------------------------+
142	$where_clauses = array('1=1');
143	if (!is_admin())
144	{
145	$where_clauses[] = 'validated = \'true\'';
146	}
147	if (isset($_GET['comment_id']))
148	{
149	$where_clauses[] = 'com.id = '.pwg_db_real_escape_string($_GET['comment_id']);
150	}
151
152	// number of comments for this picture
153	$query = '
154	SELECT
155	COUNT(*) AS nb_comments
156	FROM '.GUESTBOOK_TABLE.' as com
157	WHERE '.implode(' AND ', $where_clauses).'
158	;';
159	$row = pwg_db_fetch_assoc(pwg_query($query));
160
161	// navigation bar creation
162	$page['start'] = 0;
163	if (isset($_GET['start']))
164	{
165	$page['start'] = $_GET['start'];
166	}
167
168	$navigation_bar = create_navigation_bar(
169	GUESTBOOK_URL,
170	$row['nb_comments'],
171	$page['start'],
172	$conf['guestbook']['nb_comment_page'],
173	false
174	);
175
176	$template->assign(array(
177	'COMMENT_COUNT' => $row['nb_comments'],
178	'navbar' => $navigation_bar,
179	));
180
181	if ($row['nb_comments'] > 0)
182	{
183	$query = '
184	SELECT
185	com.id,
186	author,
187	author_id,
188	'.$conf['user_fields']['username'].' AS username,
189	date,
190	content,
191	validated,
192	website,
193	rate,
194	email
195	FROM '.GUESTBOOK_TABLE.' AS com
196	LEFT JOIN '.USERS_TABLE.' AS u
197	ON u.'.$conf['user_fields']['id'].' = author_id
198	WHERE '.implode(' AND ', $where_clauses).'
199	ORDER BY date DESC
200	LIMIT '.$conf['guestbook']['nb_comment_page'].' OFFSET '.$page['start'].'
201	;';
202	$result = pwg_query( $query );
203
204	while ($row = pwg_db_fetch_assoc($result))
205	{
206	if (!empty($row['author']))
207	{
208	$author = $row['author'];
209	if ($author == 'guest')
210	{
211	$author = l10n('guest');
212	}
213	}
214	else
215	{
216	$author = stripslashes($row['username']);
217	}
218
219	$tpl_comment = array(
220	'ID' => $row['id'],
221	'AUTHOR' => trigger_change('render_comment_author', $author),
222	'DATE' => format_date($row['date'], true),
223	'CONTENT' => trigger_change('render_comment_content', $row['content'], 'guestbook'),
224	'WEBSITE' => $row['website'],
225	);
226
227	if ($conf['guestbook']['activate_rating'])
228	{
229	$tpl_comment['STARS'] = get_stars($row['rate'], get_root_url().GUESTBOOK_PATH .'template/jquery.raty/');
230	}
231
232	if (is_admin() and !empty($row['email']))
233	{
234	$tpl_comment['EMAIL'] = $row['email'];
235	}
236
237	if (can_manage_comment('delete', $row['author_id']))
238	{
239	$tpl_comment['U_DELETE'] = add_url_params(
240	$url_self,
241	array(
242	'action'=>'delete_comment',
243	'comment_to_delete'=>$row['id'],
244	'pwg_token' => get_pwg_token(),
245	)
246	);
247	}
248	if (can_manage_comment('edit', $row['author_id']))
249	{
250	$tpl_comment['U_EDIT'] = add_url_params(
251	$url_self,
252	array(
253	'action'=>'edit_comment',
254	'comment_to_edit'=>$row['id'],
255	)
256	);
257	if (isset($edit_comment) and ($row['id'] == $edit_comment))
258	{
259	$tpl_comment['IN_EDIT'] = true;
260	$tpl_comment['KEY'] = get_ephemeral_key(2);
261	$tpl_comment['CONTENT'] = $row['content'];
262	$tpl_comment['PWG_TOKEN'] = get_pwg_token();
263	$tpl_comment['U_CANCEL'] = $url_self;
264	}
265	}
266	if (is_admin())
267	{
268	if ($row['validated'] != 'true')
269	{
270	$tpl_comment['U_VALIDATE'] = add_url_params(
271	$url_self,
272	array(
273	'action' => 'validate_comment',
274	'comment_to_validate' => $row['id'],
275	'pwg_token' => get_pwg_token(),
276	)
277	);
278	}
279	}
280	$template->append('comments', $tpl_comment);
281	}
282	}
283
284	$show_add_comment_form = !is_a_guest() \|\| $conf['guestbook']['guest_can_add'];
285	if (isset($edit_comment))
286	{
287	$show_add_comment_form = false;
288	}
289
290	if ($show_add_comment_form)
291	{
292	foreach (array('content','author','website','email') as $el)
293	{
294	${$el} = '';
295	if ('reject'===@$comment_action and !empty($comm[$el]))
296	{
297	${$el} = htmlspecialchars( stripslashes($comm[$el]) );
298	}
299	}
300	if (is_classic_user())
301	{
302	$author = $user['username'];
303	$email = $user['email'];
304	}
305	if (empty($conf['comments_email_mandatory'])) // < 2.5 compatibility
306	{
307	$conf['comments_email_mandatory'] = false;
308	}
309
310	$template->assign('comment_add',
311	array(
312	'F_ACTION' => $url_self,
313	'KEY' => get_ephemeral_key(3),
314	'CONTENT' => $content,
315	'IS_LOGGED' => is_classic_user(),
316	'AUTHOR' => $author,
317	'WEBSITE' => $website,
318	'EMAIL' => $email,
319	'ACTIVATE_RATING' => $conf['guestbook']['activate_rating'],
320	'EMAIL_MANDATORY' => $conf['comments_email_mandatory'],
321	));
322	}
323
324	$template->assign(array(
325	'GUESTBOOK_PATH' => GUESTBOOK_PATH,
326	'ABS_GUESTBOOK_PATH' => realpath(GUESTBOOK_PATH) . '/',
327	));
328
329	$template->set_filename('guestbook', realpath(GUESTBOOK_PATH . 'template/guestbook.tpl'));
330	$template->assign_var_from_handle('CONTENT', 'guestbook');

Note: See TracBrowser for help on using the repository browser.

Download in other formats: